Work with secure port

Description

If you try to authenticate your servers with certificates you may have read the gRPC Auth documentation or the python example and wonder how to do the same with DSG.

As DSG is just a wrapper around the gRPC server we expose settings to deal with the options you usualy pass to grpc.ssl_server_credentials.

To enable it you need to fill the PRIVATE_KEY_CERTIFICATE_CHAIN_PAIRS_PATH setting. This will fill the private_key_certificate_chain_pairs arguments and enable the usage of add_secure_port instead of add_insecure_port.

In the same logic ROOT_CERTIFICATES_PATH and REQUIRE_CLIENT_AUTH allow you to fill root_certificates and require_client_auth args

Usage

Server:

# settings.py
GRPC_FRAMEWORK = {
    "PRIVATE_KEY_CERTIFICATE_CHAIN_PAIRS_PATH": [("/path/to/server-key.pem", "/path/to/server.pem")],
    "ROOT_CERTIFICATES_PATH": "/path/to/certificates.pem",
    "REQUIRE_CLIENT_AUTH": True,
}

Client:

import asyncio
import grpc

def create_client_channel(addr: str) -> grpc.aio.Channel:

    with open("/path/to/certificates.pem", "rb") as certificate_file:
    # Channel credential will be valid for the entire channel. See https://grpc.github.io/grpc/python/grpc.html#grpc.ssl_channel_credentials
        channel_credential = grpc.ssl_channel_credentials(
            certificate_file.read()
        )
    channel = grpc.aio.secure_channel(addr, channel_credential)
    return channel

async def main() -> None:
    channel = create_client_channel("localhost:50051")

    # Mock method that make an RPC. If don't know how to make a rpc call see Examples section
    await send_rpc(channel)
    await channel.close()


if __name__ == "__main__":
    asyncio.run(main())